Re: [libvirt] [PATCH v4 4/8] libxl: do not enable nested HVM unless global nested_hvm option enabled

On Mon, Feb 26, 2018 at 04:23:18PM -0700, Jim Fehlig wrote: > On 02/26/2018 04:10 PM, Marek Marczykowski-Górecki wrote: >> On Mon, Feb 26, 2018 at 03:47:11PM -0700, Jim Fehlig wrote: >>> On 02/08/2018 03:58 PM, Marek Marczykowski-Górecki wrote: >>>> + >>>> +# Nested HVM global control. In order to use nested HVM feature, this option >>>> +# needs to be enabled, in addition to specifying <cpu mode='host-passthrough'> >>>> +# in domain configuration. >>>> +# By default it is disabled. >>>> +#nested_hvm = 0 >>> >>> I think per-domain settings should override this one. Users would find it >>> odd that they don't have vmx in their hvm guest with >>> >>> <cpu mode='host-passthrough'> >>> <feature policy='require' name='vmx'/> >>> </cpu> >> >> I like this one :) It means that by just introducing global >> "nested_hvm = 0", we can have what I've originally proposed - nested HVM >> disabled until explicitly enabled with exactly this config snippet. > > Yes. Sorry if we've been going around in circles on some of these topics. Ok, so before I go with v5 being mainly revert to v3 (+global config), can you confirm that it is really ok? Will it be consistent enough with KVM case? Not sure how it's handled there, but I'd guess if _kernel module_ parameter is set to 0 (is it where the global switch is?), it will stay disabled regardless of what you specify in libvirt domain XML.